Upgrade port audit now!

Simon L. B. Nielsen simon at FreeBSD.org
Sun Mar 11 21:40:31 UTC 2012


If you have portaudit installed, you should upgrade sooner rather than later!

Begin forwarded message:

> From: "Simon L. Nielsen" <simon at FreeBSD.org>
> Subject: cvs commit: ports/ports-mgmt/portaudit Makefile pkg-plist ports/ports-mgmt/portaudit/files portaudit-cmd.sh
> Date: 11 March 2012 21:32:58 GMT
> To: ports-committers at FreeBSD.org, cvs-ports at FreeBSD.org, cvs-all at FreeBSD.org
> simon       2012-03-11 21:32:58 UTC
>  FreeBSD ports repository
>  Modified files:
>    ports-mgmt/portaudit Makefile pkg-plist 
>    ports-mgmt/portaudit/files portaudit-cmd.sh 
>  Log:
>  Portaudit 0.6.0:
>  Fix remote code execution which can occur with a specially crafted
>  audit file.  The attacker would need to get the portaudit(1) to
>  download the bad audit database, e.g. by performing a man in the
>  middle attack.
>  Add signature verification of the portaudit database.  The public key
>  is for the database generated for portaudit.FreeBSD.org is included
>  in the distribution.
>  Submitted by:   Michael Gmelin <freebsd at grem.de>
>  Reported by:    Michael Gmelin <freebsd at grem.de>, Joerg Scheinert
>  Security:       Remote code execution
>  Security:       http://vuxml.FreeBSD.org/6d329b64-6bbb-11e1-9166-001e4f0fb9b1.html
>  Feature safe:   yes
>  With hat:       so

Simon L. B. Nielsen
FreeBSD Deputy Security Officer

More information about the freebsd-ports mailing list